authorAaron LI <aly@aaronly.me>2018-02-22 00:25:36 +0800
committerAaron LI <aly@aaronly.me>2018-03-14 11:28:44 +0800
commit71dfbbe0291218bcb3ffaa9997d8aaf6d98a3259 (patch)
tree4a72066a9bb5985524d2c0d3b974a7ace855d55f /roles/dns/tasks
parent6e2c2eb10093938e02a0d44726f71f82c7ffc5b8 (diff)
downloadansible-dfly-vps-71dfbbe0291218bcb3ffaa9997d8aaf6d98a3259.tar.bz2
role/dns: configure NSD as the stealth master with 2 domains
* Add "network" and "nsd" variables * Install and configure NSD as the authoritative stealth master server * Allow notify and transfer to slave masters: - freedns.afraid.org - 1984hosting.com * Add preliminary zone files for domains: - 233233.xyz - 1314233.xyz
Diffstat (limited to 'roles/dns/tasks')
-rw-r--r--roles/dns/tasks/main.yml32
1 files changed, 32 insertions, 0 deletions
diff --git a/roles/dns/tasks/main.yml b/roles/dns/tasks/main.yml
index 59522a8..6712c37 100644
--- a/roles/dns/tasks/main.yml
+++ b/roles/dns/tasks/main.yml
@@ -20,11 +20,13 @@
command: >
fetch -o /usr/local/etc/unbound/root.hints
"https://www.internic.net/domain/named.cache"
+ notify: restart-unbound
- name: unbound - copy configuration
copy:
src: unbound.conf
dest: /usr/local/etc/unbound/unbound.conf
+ notify: restart-unbound
- name: unbound - enable and start service
command: rcenable unbound
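Review bot: The `notify: restart-unbound` added to the root-hints download will fire on every run, because a `command` task reports changed each time it executes and nothing visible in the hunk sets `changed_when`. That restarts the resolver and drops its cache on each play even when named.cache has not changed. Fetching the file with the `get_url` module (same URL and dest, `force: yes`) would report a change only when the downloaded content differs, so the handler runs only when the hints were actually updated. The task's `- name:` line lies above the hunk, so an existing `changed_when` there cannot be ruled out.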
@@ -33,3 +35,33 @@
copy:
src: resolv.conf
dest: /etc/resolv.conf
+
+- name: NSD - copy configuration
+ template:
+ src: nsd.conf.j2
+ dest: /usr/local/etc/nsd/nsd.conf
+ notify: restart-nsd
+
+- name: NSD - check existence of control key/cert
+ stat:
+ path: /usr/local/etc/nsd/nsd_control.key
+ register: stat_result
+
+- name: NSD - generate self-signed key/cert for control
+ command: nsd-control-setup
+ when: stat_result.stat.exists == False
+
+- name: NSD - create zones directory
+ file:
+ path: /usr/local/etc/nsd/zones
+ state: directory
+
+- name: NSD - copy zone files
+ template:
+ src: "zones/{{ item }}.zone.j2"
+ dest: "/usr/local/etc/nsd/zones/{{ item }}.zone"
+ with_items: "{{ nsd.zones }}"
+ notify: restart-nsd
+
+- name: NSD - enable and start service
+ command: rcenable nsd
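Review bot: The `NSD - copy configuration` template task sets no `owner`, `group` or `mode` and does not validate the rendered file, so nsd.conf gets default permissions and a template error only surfaces when the handler restarts the authoritative server. If nsd.conf carries TSIG keys for the notify/transfer peers (not visible in this diff), it should not be world-readable; consider adding `mode: "0640"` with a group the NSD user belongs to, and `validate: "nsd-checkconf %s"`. The zone templates have the same gap, and `nsd-checkzone` can check each rendered zone before it replaces the live file. Separately, the stat/when pair around `nsd-control-setup` could be collapsed into `args:` with `creates: /usr/local/etc/nsd/nsd_control.key` on the command task.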